mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
Update Release_Notes_4.0
parent
00f41ad395
commit
dcc19e0a85
1 changed files with 48 additions and 23 deletions
|
@ -23,34 +23,59 @@ The kernel portion of the project is maintained and pushed separately.
|
|||
|
||||
# Highlighted new features
|
||||
|
||||
- boolean policy operations
|
||||
- profile flags
|
||||
- prompt
|
||||
- audit.XXX
|
||||
- attach_disconnected.path
|
||||
- prefix
|
||||
- access, kill, prompt, complain
|
||||
- block prefxes
|
||||
|
||||
- audit ctl
|
||||
- quiet
|
||||
- conditionals
|
||||
- owner applies to more rules
|
||||
- user
|
||||
-
|
||||
- profile attachments
|
||||
- user
|
||||
- deny
|
||||
- boolean policy operations
|
||||
- policy overlays
|
||||
|
||||
- fine grained mediation
|
||||
- ipv4
|
||||
- ipv6
|
||||
- af_unix revisions
|
||||
- mqueue
|
||||
|
||||
- exec dominance
|
||||
- rule priority
|
||||
- capability improvements
|
||||
- rlimit improvements
|
||||
|
||||
- Policy now must declare the feature abi it was developed for if it is to use any new features. For further information please see the [wiki](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorpolicyfeaturesabi).
|
||||
- The use of profile names that are based on pathnames are deprecated. For further information please see the [wiki](https://gitlab.com/apparmor/apparmor/-/wikis/DeprecateProfilePathName).
|
||||
- Support for new kernel features (requires appropriate features abi tagging in policy)
|
||||
- upstream v8 network socket rules
|
||||
- [xattr attachment conditionals](https://gitlab.com/apparmor/apparmor/-/wikis/manpage_apparmor_xattrs.7)
|
||||
- capabilities PERFMON and BPF
|
||||
- rewritten aa-status
|
||||
- supports use in systems/images where python is not available
|
||||
- supports kill, unconfined and mixed profile modes
|
||||
- rewritten aa-notify
|
||||
- move from perl to python 3
|
||||
- shared backend with other python tools
|
||||
- support use of aa.CONFDIR instead of hard coded /etc/apparmor
|
||||
- improved message layout
|
||||
- improved support for kernels that support LSM stacking
|
||||
- support profile modes
|
||||
- enforce (default when no mode flag is supplied)
|
||||
- kill (experimental)
|
||||
- unconfined (experimental)
|
||||
- reference policy updated for 3.0 feature abi
|
||||
- basic support for [systemd v246 early load of apparmor policy](https://gitlab.com/apparmor/apparmor/-/wikis/AppArmorInSystemd#early-policy-loads).
|
||||
- new tool [aa-features-abi](https://gitlab.com/apparmor/apparmor/-/wikis/manpage_aa-features-abi.1) for extracting feature abis from the kernel
|
||||
- change_profile changes
|
||||
- policy restrictions
|
||||
- link
|
||||
- mount
|
||||
- move/rename
|
||||
- subtree
|
||||
- overlap attachment???
|
||||
|
||||
- conditionals
|
||||
- compare funs
|
||||
- used in preamble
|
||||
|
||||
- labels with rules
|
||||
- use label directive
|
||||
|
||||
- abi changes
|
||||
- rules not in policy abi can be used - warns
|
||||
|
||||
- raw text policy
|
||||
|
||||
- aa_load
|
||||
-
|
||||
|
||||
# Important Notes
|
||||
|
||||
|
|
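Review bot: The outline under "# Highlighted new features" still contains draft placeholders and a typo that should be resolved, or the section marked as work in progress, before it is read as release notes. "block prefxes" should be "block prefixes"; "audit.XXX" and "overlap attachment???" need a real name or should be dropped; and the two bare "-" items (one after "user", one after "aa_load") are empty bullets. "boolean policy operations" and "user" each appear twice in the list; if the repeats are intentional, a few words on each entry would make clear how they differ. "compare funs" would also read better spelled out.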